Security News

Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
2023-05-26 04:04

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway appliances. "The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product."

Chinese hackers breach US critical infrastructure in stealthy attacks
2023-05-24 20:43

Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, since at least mid-2021. "Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the Microsoft Threat Intelligence team said.

Apria Healthcare says potentially 2M people caught up in IT security breach
2023-05-23 23:58

"Based on the investigation, it was determined that information potentially accessed in the incident varied for each individual and may have included personal, medical, health insurance or financial information, and in some limited cases, Social Security numbers," according to a notice on Apria's website. The healthcare biz also provided more details about what happened in a data security breach notification letter sent to 1,869,598 people.

Luxottica confirms 2021 data breach after info of 70M leaks online
2023-05-19 13:37

Luxottica has confirmed one of its partners suffered a data breach in 2021 that exposed the personal information of 70 million customers after a database was posted this month for free on hacking forums. Luxottica suffered a data breach in August 2020 that exposed the personal information of 829,454 EyeMed and Lenscrafters patients.

US Dept of Transport security breach exposes info on a quarter-million people
2023-05-16 21:30

TRANServe - an electronic travel pass system managed by DoT, and used by many employees across the federal government to encourage use of public transport - told Congress it made a mistake in protecting that data. The DoT told The Register its CIO office "Isolated the breach to certain systems at the department used for administrative functions, such as employee transit benefits processing," adding that the incident did not affect any transportation safety systems.

Discord discloses data breach after support agent got hacked
2023-05-12 19:05

Brightly warns of SchoolDude data breach exposing credentials
2023-05-11 20:25

U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform. "We at Brightly Software are writing to let you know about a recent security incident affecting an account you have on our SchoolDude application, an online platform used by educational institutions for placing and tracking maintenance work orders," Brightly told affected SchoolDude users.

Hacker ‘PlugwalkJoe’ pleads guilty to 2020 Twitter breach
2023-05-10 13:48

Joseph James O'Connor, aka 'PlugwalkJoe,' has pleaded guilty to multiple cybercrime offenses, including SIM swapping attacks, cyberstalking, computer hacking, and hijacking high-profile accounts on Twitter and TikTok. O'Connor admitted his role in the hack that impacted Twitter in June 2020, where he and his three co-conspirators gained access to the accounts of high-profile individuals such as Barack Obama, Joe Biden, Elon Musk, Bill Gates, Jeff Bezos, Warren Buffett, Binance, Apple, Uber, and Bitcoin.

Capita looking at a bill of £20M over breach clean-up costs
2023-05-10 11:00

Britain's leaky outsourcing behemoth Capita is warning investors that the clean-up bill for its recent digital break-in will cost up to £20 million. At the end of March, the business was blindsided when criminals broke into its tech infrastructure and stayed inside for more than a week before Capita realized it was the victim of a "Cyber incident."